exim+dovecot: let recipient-check work; fixes #6

roles/dmz_exim/tasks/main.yml

@@ -496,9 +496,10 @@
     block: |
       lmtp_user:
         debug_print = "R: lmtp_user for $local_part@$domain"
-        driver = accept
+        driver = manualroute
         domains = +local_domains
         transport = lmtp_transport
+        route_list = * {{SafeZone_IP}} byname
         cannot_route_message = Unknown user
     insertbefore: '^#localuser:'
   notify:
@@ -510,10 +511,10 @@
     marker: '  # {mark} LMTP transport'
     block: |
       lmtp_transport:
-        driver = lmtp
+        driver = smtp
-        socket = /run/shared_sockets/lmtp
+        protocol = lmtp
-        user = exim
+        rcpt_include_affixes
-        current_directory = /var/spool/exim
+        port = 24
     insertbefore: '^# This transport is used'
   notify:
     - restart exim.service

roles/dovecot/templates/dovecot.conf.j2

@@ -51,15 +51,15 @@ service imap-login {
   }
 }
 service lmtp {
-  unix_listener /run/shared_sockets/lmtp {
+  #unix_listener /run/shared_sockets/lmtp {
-    mode = 0666
+  #  mode = 0666
+  #}
+  # Create inet listener only if you can't use the above UNIX socket
+  # https://yalis.fr/git/yves/home-server/issues/6
+  inet_listener lmtp {
+    address = {{SafeZone_IP}}
+    port = 24
   }
-#  # Create inet listener only if you can't use the above UNIX socket
-#  #inet_listener lmtp {
-#    # Avoid making LMTP visible for the entire internet
-#    #address =
-#    #port = 
-#  #}
 }
 service imap {
 }

roles/nftables_back/templates/nftables.conf.j2

@@ -72,6 +72,11 @@ table ip{{v}} Inet{{V}} {
 
     # ssh
     tcp dport 22 accept
+{% call(net) trust(DMZ_IP) %}
+
+    # lmtp
+    tcp dport 24 ip saddr {{net}} accept
+{% endcall %}
 
     # portmapper
     tcp dport 111 accept